CVE-2025-15578

{"id": "CVE-2025-15578", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-16T22:22:40.557", "references": [{"url": "https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID."}, {"lang": "es", "value": "Las versiones de Maypole de la 2.10 a la 2.13 para Perl generan identificadores de sesi\u00f3n de forma insegura. El identificador de sesi\u00f3n se inicializa con la hora del sistema (que est\u00e1 disponible en los encabezados de respuesta HTTP), una llamada a la funci\u00f3n rand() incorporada y el PID."}], "lastModified": "2026-02-18T17:52:22.253", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e"}